BreachExchange mailing list archives
Re: fringe Federal law and ID theft prevention
From: "Michael Hill, CITRMS" <mhill () idtexperts com>
Date: Thu, 4 Sep 2008 13:02:56 -0400
I want to add one thing to this very informative article from Jones Day written by Kevin Sykes that I believe is an important part of the administering of the "Identity Theft Prevention" program under the Red Flag Rules. As a consultant who has assisted many companies in their ID Theft program, training their employees on the program and the reality of identity theft is an absolute must for all businesses. I think its .90(e) in the rules. We read article after article on this webboard about data breaches and the loss of PII and it seems the human element plays a VERY big part. To not train ALL your employees, I think would be leaving your business open to even more liability. Yes, even the warehouse personnel as well. Michael Hill Certified Identity Theft Risk Management Specialist 404-216-3751 www.idtheft101.net ----- Original Message ----- From: "Henry Brown" <hbrown () knology net> To: <dataloss () attrition org> Sent: Thursday, September 04, 2008 9:46 AM Subject: [Dataloss] fringe Federal law and ID theft prevention A ~2300 word "posting" with at least 20 different related links.... http://www.jonesday.com/pubs/pubs_detail.aspx?pubID=S5427 On December 4, 2003, the President signed into law the Fair and Accurate Credit Transactions Act ("FACTA"). FACTA was enacted by Congress to provide consumers with increased protection from identity theft. The regulations directed six agencies to jointly "establish and maintain guidelines…[that] identify patterns, practices, and specific forms of activity that indicate the possible existence of identity theft."[1] Accordingly, the six agencies published the final regulations on November 9, 2007, and those regulations became effective January 1, 2008.[2] However, compliance with the regulations is not mandatory until November 1, 2008.[3] The final regulations contain three parts. First, they require covered entities to create a written identity theft program designed to detect, prevent, and mitigate identity theft in connection with certain covered accounts (the "Red Flag Rules" or the "Rules"). Second, the regulations impose requirements on consumer reporting agencies related to discrepancies between an address contained in a request for a consumer report and the address in the consumer reporting agency's file. Third, the regulations impose requirements on debit and credit card issuers to implement procedures to assess the validity of address changes under certain circumstances. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- fringe Federal law and ID theft prevention Henry Brown (Sep 04)
- Re: fringe Federal law and ID theft prevention Michael Hill, CITRMS (Sep 04)
- Re: fringe Federal law and ID theft prevention Derek Rigsby (Sep 04)
- Re: fringe Federal law and ID theft prevention Adam Shostack (Sep 04)
- Re: fringe Federal law and ID theft prevention Derek Rigsby (Sep 04)
- Re: fringe Federal law and ID theft prevention Adam Shostack (Sep 04)
- Re: fringe Federal law and ID theft prevention Derek Rigsby (Sep 04)
- Re: fringe Federal law and ID theft prevention Michael Hill, CITRMS (Sep 04)